CVE-2023-5183
CRITICAL 9.9
Description
Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.
CVE Details
CVSS v3.1 Score: 9.9
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 9/27/2023
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
illumio:core_policy_compute_engine
Weaknesses (CWE)
CWE-502
References
https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm (security@illumio.com)
https://docs.illumio.com/Guides/security-advisories/september-2023/cve-2023-5183.htm (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.